Hi
If you have a syn-flood screen protection enabled, then this is expected. Starting
from the configured threshold, TCP sessions get proxied on SRX. Instead of being
forwarded to backend servers, every SYN from your nmap host will get a SYN/ACK
in response, regardless of port, and it does not depend on the actual state of this port
on the server (open/closed). Nmap will see all these ports as open just because
it receives a SYN/ACK.
This is how this protection works; it is not a security hole, but a security feature 🙂
For details, see the doc, e.g.
http://www.juniper.net/techpubs/software/junos-security/junos-security10.2/junos-security-swconfig-security/topic-43941.html
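
The behaviour described in the reply above, as an added example that is not part of the original post and is not Junos code: a simplified Python model of a SYN-flood screen that starts answering SYNs itself once a threshold is reached, showing why the same scan looks correct at a low rate and reports almost every port open at a high rate. The class, the one-second sliding window, the threshold of 200, the port list and the scan rates are all constructed assumptions.

```python
from collections import deque

class SynProxyScreen:
    """Toy model (assumption): counts SYNs to one destination in a sliding
    one-second window and proxies them once the count reaches the threshold."""

    def __init__(self, open_ports, threshold):
        self.open_ports = set(open_ports)   # real listener state on the backend
        self.threshold = threshold          # SYNs per second that trigger proxying
        self.window = deque()               # timestamps of recent SYNs

    def handle_syn(self, port, now):
        # Forget SYNs older than one second, then record this one.
        while self.window and now - self.window[0] >= 1.0:
            self.window.popleft()
        self.window.append(now)
        if len(self.window) >= self.threshold:
            # Proxied: the firewall answers and the port state is never consulted.
            return "SYN/ACK"
        # Below the threshold the SYN reaches the server, which answers truthfully.
        return "SYN/ACK" if port in self.open_ports else "RST"

def scan(screen, ports, syn_per_second):
    """Classify each port the way a SYN scanner does: SYN/ACK means open."""
    results = {}
    for i, port in enumerate(ports):
        reply = screen.handle_syn(port, now=i / syn_per_second)
        results[port] = "open" if reply == "SYN/ACK" else "closed"
    return results

def false_opens(results, open_ports):
    """Ports reported open that have no listener on the backend."""
    return sorted(p for p, s in results.items()
                  if s == "open" and p not in open_ports)

# Constructed sample: two real listeners, ports 1-1024 scanned at two rates.
OPEN = {22, 443}
PORTS = list(range(1, 1025))
slow = scan(SynProxyScreen(OPEN, threshold=200), PORTS, syn_per_second=50)
fast = scan(SynProxyScreen(OPEN, threshold=200), PORTS, syn_per_second=1000)

if __name__ == "__main__":
    print("slow scan false opens:", len(false_opens(slow, OPEN)))
    print("fast scan false opens:", len(false_opens(fast, OPEN)))
```

In the fast run every port from the 200th SYN onward is reported open, which is the pattern to look for when a scan of a screened server shows a long contiguous run of "open" ports.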